Cisco IOS Access Lists

In Chapter 8 we walked through the essentials of configuring a Cisco router for both static and dynamic routing. While the ability to route protocols like IP and IPX might be the central purpose of a router, a Cisco router is actually capable of much more. Cisco’s IOS includes the ability to “filter” network traffic based on source or destination address, protocols, port numbers, and more. In Cisco’s world, this filtering is accomplished through the use of access lists. Access lists can be defined for a variety of protocols, and ultimately allow you to control the types of traffic that will be allowed in or out of a router interface. For example, you might block a group of hosts from accessing a certain internal server, or limit systems to passing only HTTP traffic to another network.

While the concept of an access list may be simple, the actual implementation of access lists involves some careful planning. It is said that Cisco receives more support calls about misconfigured access lists than anything else. For the purpose of both the CCNA and CCDA exams, you will need to understand the essentials of access lists, including the different types that exist, their capabilities, and how rules are applied and evaluated. The topics that we’ll cover in this chapter include:

An introduction to access lists

Configuring standard and extended IP access lists

Configuring standard and extended IPX access lists

Configuring SAP access lists

The successful use of access lists involves both understanding how they are evaluated and properly planning the implementation.